Google Chrome Browser 0.2.149.27 Denial of Service Exploit

Title: Google Chrome Browser 0.2.149.27 Denial of Service Exploit
Advisory ID: ZSL-2008-4894
Type: Local/Remote
Impact: DoS
Risk: (4/5)
Release Date: 04.09.2008
Summary
Google Chrome is a web browser that runs web pages and applications with lightning speed.
Description
An issue exists in how Chrome handles undefined handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link that contains an undefined handler followed by a 'special' character, Chrome crashes and shows the Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". The fault lies in the handling of the POP EBP instruction that the EIP register points to at 0x01002FF4.
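A defensive check for the precondition described above, added here as an example and not part of the original advisory or its PoC: it audits HTML for URL attributes whose scheme is outside an allowlist, so links with an undefined handler can be stripped or reviewed before they reach a browser. The allowlist, the attribute set and the sample markup are assumptions constructed for illustration; the advisory does not list the handlers or the character involved.

```python
from html.parser import HTMLParser
import re

# Assumption: schemes this deployment treats as having a defined handler.
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}
URL_ATTRS = {"href", "src", "action"}
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")  # RFC 3986 scheme syntax

def link_scheme(value):
    """Return the lower-cased scheme of a URL attribute, or None if relative."""
    # Browsers ignore leading/trailing C0 controls and spaces, and embedded tab/CR/LF.
    cleaned = value.strip("".join(map(chr, range(0x21))))
    cleaned = re.sub(r"[\t\r\n]", "", cleaned)
    m = SCHEME_RE.match(cleaned)
    return m.group(1).lower() if m else None

class SchemeAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, scheme)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                scheme = link_scheme(value)
                if scheme and scheme not in ALLOWED_SCHEMES:
                    self.findings.append((self.getpos()[0], tag, name, scheme))

def audit(html):
    """Return every URL attribute in the markup whose scheme is not allowlisted."""
    auditor = SchemeAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample markup (not taken from the advisory's PoC).
SAMPLE = """<html><body>
<a href="https://example.com/">ok</a>
<a href="/relative/path">ok</a>
<a href=" \tNoSuch-Handler:x">flag</a>
<iframe src="mailto:lab@example.com"></iframe>
<img src="unregistered:x">
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, scheme in audit(SAMPLE):
        print(f"line {line}: <{tag} {attr}> uses non-allowlisted scheme '{scheme}'")
```
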
Vendor
Google Inc. - http://www.google.com
Affected Version
0.2.149.27
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
N/A
PoC
goodos.html
Credits
Vulnerability discovered by Rishi Narang
Exploit coded by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/filedesc/google-chrome-dos2.txt.html
[2] http://www.lifedork.com/google-chrome-browser-crash-script-proof-of-concept.html
Changelog
[04.09.2008] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk